Access Rights
Last modified by Ecaterina Moraru (Valica) on 2020/01/28 14:36
An overview of rights
Rights can be managed or configured to work on different scopes or layers. A wiki-level setting might act on the whole wiki, or be superseded by a (higher ranking) page-level setting. (*need to improve*)
To further complicate things, there is also group rights and user rights. Therefore can access be granted and forbidden by different groups. If this happens, and there is no higher ranking level, we have a tie.
Depending on what the right is, the tie is broken differently.
Access table shootout
Name | Default | Hierarchy | Tie means | Levels | |
---|---|---|---|---|---|
View | Allow | Smaller win | Deny | page,space,wiki | |
Edit | Allow | Smaller win | Deny | page,space,wiki | |
Comment | Allow | Smaller win | Deny | page,space,wiki | |
Delete | Deny | Smaller win | Deny | page,space,wiki | |
Admin | Deny | Larger win | Allow | wiki,space | |
Register | Allow | N/A | Allow | wiki | |
Program | Deny | N/A | Allow | wiki |
TODO: Check if Admin is Deny by default, original document say otherwise
Original page starts here
Here is a lists of all the rights available in XWiki and their default setting.
- Right name: brief description of the right
- Availability: at what level can you set this right?
- Page: this right can be set at the page level
- Space: this right can be set at the space level
- Wiki: this right can be set at the wiki level
- Default status: is the right allowed or denied when the checkbox is left blank?
- ALLOWED: this means that users CAN perform the given action if no other right is set
- DENIED: this means that users CANNOT perform the given action if no other right is set
- Priority order: which setting wins over another if an user has 2 different settings?
- Checking order: at what level is the right checked first?
- Availability: at what level can you set this right?
- View: whether users can see the page
- Availability:
- Page
- Space
- Wiki
- Default status: ALLOWED
- Priority order: deny > allow > no setting
- Checking order: page > space > wiki
- Availability:
- Comment: whether users can add a comment to the page
- Availability:
- Page
- Space
- Wiki
- Default status: ALLOWED
- Priority order: deny > allow > no setting
- Checking order: page > space > wiki
- Availability:
- Edit: whether users can edit and save modifications to the page
- Availability:
- Page
- Space
- Wiki
- Default status: ALLOWED
- Priority order: deny > allow > no setting
- Checking order: page > space > wiki
- Availability:
- Delete: whether users can delete the page
- Availability:
- Page
- Space
- Wiki
- Default status: DENIED (unless you're the document creator)
- Priority order: deny > allow > no setting
- Checking order: page > space > wiki
- Availability:
- Admin: whether users can manage administration settings for the space / wiki
- Availability:
- Space (Automatically includes the view, comment, edit, delete rights)
- Wiki (Automatically includes the view, comment, edit, delete, register, program rights)
- Default status: ALLOWED
- Priority order: allow > deny > no setting
- Checking order: wiki > space
- Availability:
- Register: whether users can create new user accounts
- Availability:
- Wiki
- Default status: ALLOWED
- Priority order: allow > deny > no setting
- Checking order: wiki
- Availability:
- Program: whether users can use protected APIs & Groovy code in wiki pages
- Availability:
- Wiki
- Default status: DENIED
- Priority order: allow > deny > no setting
- Checking order: wiki
- Availability: